Overview

overview

8

Static

static

f0b4229e63...77.exe

windows7-x64

8

f0b4229e63...77.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    151s
  • max time network
    167s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 19:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f0b4229e63445dba142ff2d4f88b5b0aad336fa0980d827386df61aae8f76677.exe

  • Size

    797KB

  • MD5

    9637d1d783d6629e70f5bb498841ec57

  • SHA1

    166761d0ab919e51a8fa0ea1f0fac22a00e68711

  • SHA256

    f0b4229e63445dba142ff2d4f88b5b0aad336fa0980d827386df61aae8f76677

  • SHA512

    3832068abd4b399a96cdb3e7e4ffbca505edcce7367a4d82a3ea3c2453582b4345248205be320fcf0640b6ad3130d1a49db9fa36a2e9b81ad4fa0a87e3f102fa

  • SSDEEP

    24576:1e2vTsw3Y1PVk4BfoEfLfXiEId6MbQo60:o2a9k4Bfo+oMZ

Score
8/10
discoverypersistencespywarestealerupx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\f0b4229e63445dba142ff2d4f88b5b0aad336fa0980d827386df61aae8f76677.exe
    "C:\Users\Admin\AppData\Local\Temp\f0b4229e63445dba142ff2d4f88b5b0aad336fa0980d827386df61aae8f76677.exe"
    1⤵
    • Adds Run key to start application
    PID:1648

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1648-54-0x0000000000400000-0x0000000000624000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1648-55-0x0000000000400000-0x0000000000624000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1648-56-0x0000000000400000-0x0000000000624000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1648-57-0x0000000075661000-0x0000000075663000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1648-58-0x0000000000400000-0x0000000000624000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1648-59-0x0000000000400000-0x0000000000624000-memory.dmp

          Filesize

          2.1MB

          Download